Israel espionage case points to new Net threat

Electronic dumpster diving
Rob Douglas is a former private investigator who now runs PrivacyToday.com. In his prior life he said he committed what he believes were several acts of legally permissible industrial espionage — hunting for what his clients called “competitive intelligence.”  One time he was paid $10,000 to attend a trade show, pose as a company executive and buy a competitor’s technology. His employer planned to reverse engineer the hardware to see if their technology had been copied. In another incident, he was paid by a boating association to “dumpster dive” on another boating association for corporate data the association had discarded as trash.

While Douglas said he believes the surreptitious use of Trojan horse software is clearly illegal, he fears that for some unscrupulous private investigators stealing such data remotely is simply the next logical step.

“This is the electronic version of dumpster diving,” he said. “For private investigators that would spend hundreds of hours dumpster diving, digging through dirty trash, with all the risks you have, electronic dumpster diving is much easier. And it's 100 percent accurate. You’re not digging through junk, bags of dog poop thrown in the trash, that kind of thing.”

Discussion lists for private investigators were abuzz with Trojan talk after the Israeli incident.  Private investigators rarely publicly disclose their methods, but many PI Web sites do sell such spying software, designed to evade detection by anti-virus and anti-spyware computers.

Six months ago, Ponemon said, he would have dismissed the possibility of a Trojangate in the U.S.  But a research project he’s now conducting for his current firm, The Ponemon Institute, has convinced him otherwise. He’s placed a computer with fake critical business documents on the Internet, a honeypot, designed to entice hackers and study their techniques.  What he’s learned: Virus writers are now authoring programs designed specifically to look for documents flagged as “confidential” or "critical." They’ve also built software that can quickly index information on spy-software attacked computers — a sort of Google for economic espionage —to make sorting through mountains of stolen data easy.

“I'm starting to believe it could be much more common,” Ponemon said.  “If you asked me this question three or four months ago, I would say we're giving too much credit to the criminal. But we are starting to see these technologies. … I'm really worried now.”

Security consultants like Ponemon are hamstrung in what they can say by non-disclosure agreements; their claims of massive data theft sometimes fall flat — or suffer utter disbelief — without the supporting details. That’s why the Israeli incident is both important and fascinating for security experts; it offers a glimpse of the world of economic espionage rarely seen by outsiders. It is perhaps the first definite proof that this kind of thing actually happens.

MORE FROM SECURITY

Security Section Front

Was Palin's SSN published on the Web? Facebook to test N.J.'s Web safety icon French issue call to storm 'electronic Bastille' A new way to 'spy' on neighbors? 'Net ad targeting may lose to privacy concerns Phone companies plan backups for Gustav Tips for staying connected in disasters iPhone security flaw exposes private data A new way to avoid bogus Web sites 'Forgot your password?' may be weakest link Security Section Front   Add Security headlines to your news reader: